Zero-Day Hunters Offer $500K For iOS Bugs

Days after Apple launched its first bug bounty program, zero-day hunters Exodus Intelligence upped the ante.

Apple will pay hackers up to $200,000 to identify vulnerabilities in its products. Exodus, meanwhile, is offering up to $500,000.

Cybersecurity researchers are invited to participate in the new Research Sponsorship Program (RSP), which awards bounties for both zero-day flaws and exploits against patched (n-day) vulnerabilities. Currently, iOS 9.3+ flaws are going for a max of $500,000, while Google Chrome and Microsoft Edge bugs could earn you up to $150,000 or $125,000, respectively.

Firefox vulnerabilities can net you up to $80,000, Windows 10 up to $75,000, and Adobe Reader and Flash up to $60,000 each. The firm is also offering a bonus structure for zero-day vulnerabilities, which adds to the initial payment for every quarter the exploit remains alive.

"Through the launch of the RSP, Exodus is excited to be engaging the global research community in our mission to provide the highest quality of vulnerability intelligence in the industry," company president Logan Brown said in a statement.

Registered users can view zero-day and n-day hit lists on the new RSP website.

Apple did not immediately respond to a request for comment.

The tech titan—a long-time holdout in the bug bounty arena—announced its new program during last week's Black Hat event in Las Vegas. Compensation ranges from $25,000 for a sandbox break to $200,000 for a secure boot hardware exploit. The program covers five issues, all on iOS or iCloud.

Historically, Apple shied away from bug bounties, citing high bids from the government and black markets. And while $200,000 (or even $500,000) is a good payday, it's pennies compared to the upwards of $1 million third parties like Zerodium have paid security researchers to uncover Apple vulnerabilities.

In June, Cupertino moved to an unencrypted kernel in iOS 10, allowing enthusiasts and security researchers to look inside, while also increasing device security.
